| title | Azure Arc-enabled SQL Server prerequisites |
|---|---|
| description | Describes prerequisites required by Azure Arc-enabled SQL Server. |
| author | anosov1960 |
| ms.author | sashan |
| ms.reviewer | mikeray, randolphwest |
| ms.date | 03/08/2023 |
| ms.topic | conceptual |
| ms.custom | references_regions |
[!INCLUDE sqlserver]
An Azure Arc-enabled instance of [!INCLUDE ssnoversion-md] is an instance on-premises or in a cloud provider that is connected to Azure Arc. This article explains the prerequisites for connecting an instance.
Before you can Arc-enable an instance of [!INCLUDE ssnoversion-md], you need to:
- Have an Azure account with an active subscription. If needed, create a free Azure Account.
- Verify Arc connected machine agent prerequisites. The Arc agent must be running in the typical 'full' mode.
- Open firewall to Azure Arc data processing service.
- Register resource providers. Specifically:
  - `Microsoft.AzureArcData`
  - `Microsoft.HybridCompute`

  For instructions, see Register resource providers.
To Connect SQL Servers on Azure Arc-enabled servers at scale using Azure policy:
- The service principal requires read permission on the subscription.
- The installation account requires:
  - `User Access Administrator` role assignment in the subscription if you are creating a new system assigned managed identity.
  - `Resource Policy Contributor` role assignment for the scope that you're targeting. The scope may be either subscription or resource group.
For all the other onboarding methods:
- The service principal requires read permission on the subscription.
- User or service principal must have permissions in the Azure resource group to complete the task. Specifically:
  - `Azure Connected Machine Onboarding` role
  - `Microsoft.AzureArcData/register/action`
  - `Microsoft.HybridCompute/machines/extensions/read`
  - `Microsoft.HybridCompute/machines/extensions/write`

  Users can be assigned to built-in roles that have these permissions, for example Contributor or Owner. For more information, see Assign Azure roles using the Azure portal.
- Have local administrator permission on the operating system to install and configure the agent.
  - For Linux, use the root account.
  - For Windows, use an account that is a member of the Local Administrators group.
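To scope a custom role to the three actions listed above instead of assigning Contributor or Owner, the following added example (not part of the original article or any Microsoft code) checks role definitions for missing or over-broad permissions using `actions`/`notActions` wildcard matching. The role definitions are constructed samples, assumed to follow the JSON shape that `az role definition list` returns; the `Azure Connected Machine Onboarding` role assignment is separate and not checked here.

```python
import json
from fnmatch import fnmatchcase

# Actions this page lists for onboarding methods other than Azure Policy.
REQUIRED_ACTIONS = (
    "Microsoft.AzureArcData/register/action",
    "Microsoft.HybridCompute/machines/extensions/read",
    "Microsoft.HybridCompute/machines/extensions/write",
)

# Constructed sample role definitions (not real built-in roles).
SAMPLE_ROLES = json.loads("""[
  {"roleName": "arc-sql-onboarding (constructed)", "permissions": [{"actions": [
     "Microsoft.AzureArcData/register/action",
     "Microsoft.HybridCompute/machines/extensions/read",
     "Microsoft.HybridCompute/machines/extensions/write"], "notActions": []}]},
  {"roleName": "extensions-reader (constructed)", "permissions": [{"actions": [
     "Microsoft.HybridCompute/machines/extensions/read"], "notActions": []}]},
  {"roleName": "broad-with-carve-out (constructed)", "permissions": [{"actions": ["*"],
     "notActions": ["Microsoft.HybridCompute/machines/extensions/write"]}]}
]""")

def _matches(action, patterns):
    # Operation names compare case-insensitively; "*" is the only wildcard used.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(role, required=REQUIRED_ACTIONS):
    """Required actions the role does not grant (actions minus notActions).
    Assumption: each permission block is evaluated on its own."""
    def granted(action):
        return any(_matches(action, b.get("actions", []))
                   and not _matches(action, b.get("notActions", []))
                   for b in role.get("permissions", []))
    return [a for a in required if not granted(a)]

def is_overbroad(role):
    """True if any pattern is "*" or a whole provider namespace ("Provider/*")."""
    return any(p == "*" or (p.endswith("/*") and p.count("/") == 1)
               for b in role.get("permissions", []) for p in b.get("actions", []))

def audit(roles):
    return {r["roleName"]: (missing_actions(r), is_overbroad(r)) for r in roles}

if __name__ == "__main__":
    for name, (missing, broad) in audit(SAMPLE_ROLES).items():
        print(f"{name}: missing={missing or 'none'} overbroad={broad}")
```

A role that reports no missing actions and is not over-broad is a candidate for the onboarding principal; a carve-out in `notActions` shows up as a missing action even when `actions` is `*`.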
Arc-enabled [!INCLUDE ssnoversion-md] requires outbound connection to Azure Arc data processing service. Each virtual or physical server requires connectivity to:
- URL: `san-af-<region>-prod.azurewebsites.net`
- Port: 443
- Direction: Outbound

To get the region segment of a regional endpoint, remove all spaces from the Azure region name. For example, for the East US 2 region, the region name is `eastus2`.

For example: `san-af-<region>-prod.azurewebsites.net` should be `san-af-eastus2-prod.azurewebsites.net` in the East US 2 region.
For a list of supported regions, review Supported Azure regions.
For a list of all regions, run this command:
```azurecli
az account list-locations -o table
```
[!INCLUDE supported-configurations]
[!INCLUDE unsupported-configurations]
To register the resource providers, use one of the following methods:
- Select Subscriptions.
- Choose your subscription.
- Under Settings, select Resource providers.
- Search for `Microsoft.AzureArcData` and `Microsoft.HybridCompute` and select Register.

Run:

```powershell
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.AzureArcData
```

Run:

```azurecli
az provider register --namespace 'Microsoft.HybridCompute'
az provider register --namespace 'Microsoft.AzureArcData'
```

Before configuring your [!INCLUDE ssnoversion-md] instances and machines with Azure Arc, review the Azure Resource Manager subscription limits and resource group limits to plan for the number of machines to be connected.
[!INCLUDE azure-arc-data-regions]